$2.7 million await successful Pwnium 4 contestants
Posted on 24 January 2014.
Google has, once again, called security researchers to participate in its annual Pwnium contest scheduled to be held at the CanSecWest security conference in Vancouver in mid-March.

The fourth edition of the hacking contest will, as last year, focus on the company's Chrome OS, and competitors will contend for sizeable prizes.

Contestants who manage to execute a browser or system-level compromise in guest mode or as a logged-in user, delivered via a web page, will win $110,000, and those who carry our a compromise with device persistence (“persistent Guest-to-Guest exploit” with interim reboot, delivered via a web page) will gain a cool $150,000.

The prize pool is $2.71828 million in total.

"New this year, we will also consider significant bonuses for demonstrating a particularly impressive or surprising exploit. Potential examples include defeating kASLR, exploiting memory corruption in the 64-bit browser process or exploiting the kernel directly from a renderer process," explained Jorge Lucángeli Obes, Google security engineer and Pwnium Master of Ceremonies.

"Past Pwnium competitions have focused on Intel-based Chrome OS devices, but this year researchers can choose between an ARM-based Chromebook, the HP Chromebook 11 (WiFi), or the Acer C720 Chromebook (2GB WiFi) that is based on the Intel Haswell microarchitecture. The attack must be demonstrated against one of these devices running the then-current stable version of Chrome OS."

As usual, to win a prize they will have to deliver a full exploit with thorough explanations about the exploited bugs. Any software included with the default installation may be used as part of the attack.

Researchers thinking of registering have until March 10th, 2014 to decide.

For more details, check out the official rules for the contest.


Using Hollywood to improve your security program

Posted on 29 July 2014.  |  Tripwire CTO Dwayne Melancon spends a lot of time on airplanes, and ends up watching a lot of movies. Some of his favorite movies are adventures, spy stuff, and cunning heist movies. A lot of these movies provide great lessons that we can apply to information security.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Wed, Jul 30th